CVE-2026-14687

Summary

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Affected Software

VendorProductVersion RangeStatus
666ghjBettaFish1.2.0affected
666ghjBettaFish1.2.1affected

Weaknesses

  • CWE-187: Partial String Comparison
  • CWE-697: Incorrect Comparison

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References